sVirt: Hardening Linux Virtualization with Mandatory Access Control


Published on June 30, 2009

Author: jamesmorris

Source: slideshare.net

Description

sVirt talk given at Linux.conf.au, Hobart, 2009.

Video of the talk:
http://video.google.com.au/videoplay?docid=5750618585157629496

sVirt: Hardening Linux Virtualization with Mandatory Access Control. James Morris, Red Hat Security Engineering. Linux.conf.au 2009, Hobart, Australia.

Goal: Improve security for Linux virtualization

Linux Virtualization: Where the “hypervisor” is a normal Linux process

KVM, Lguest, UML

[Diagram: host hardware and host kernel at the bottom; above them, host userspace alongside three guests, each with its own guest kernel and guest userspace.]

Utilize existing process-based security mechanisms

DAC is not enough: Subjects can modify own security policy

Mandatory Access Control (MAC): Subjects cannot bypass security policy

Virtualization Threat Model (work in progress)

Virtualization introduces new security risks

Flawed hypervisor: Malicious guest breaks out, attacks other guests or host

Before virtualization: Systems were physically separated, damage limited to network attacks

[Diagram: two physically separate hosts, each with its own host hardware, host kernel and host userspace; one runs a web server, the other a DNS server. The only attack path between them is the local network.]

After virtualization: Guest systems running on same server, possibly as same UID

[Diagram: one host (host hardware, host kernel, host userspace) running a guest web server and a guest DNS server, each with its own guest kernel and guest userspace. Local exploits are possible between guests via memory, storage, etc.]

Malicious or compromised guests can now attack other guests via local mechanisms

Hypervisor vulnerabilities: Not theoretical; evolving field; potentially huge payoffs

sVirt in a nutshell: Isolate guests using MAC security policy; contain hypervisor breaches

libvirt: Virtualization API by Daniel Veillard; abstraction layer for managing different virt schemes: Xen, KVM, LXC, OpenVZ

[Diagram: simplified libvirt architecture. The libvirt API, used by virsh and virt-manager, sits above hypervisor drivers (Xen, KVM, OpenVZ, LXC, UML) and storage drivers (iSCSI, NFS, logical, fs, disk), which manage the guests and storage on the host node.]

sVirt design: Pluggable security framework for libvirt; supports MAC security schemes (SELinux, SMACK)

sVirt design: Security “driver” manages MAC labeling of guests and resources; MAC policy enforced by host kernel

[Diagram: simplified libvirt architecture with sVirt. Same layout as before, with security drivers (SELinux, etc.) added beside the hypervisor and storage drivers; asterisks mark where security labels apply: the API, the guests and the storage.]

sVirt design: Reuse of proven code and security models; coherent and complete system policy; reduced complexity and cost

sVirt design: Must be usable and useful with demonstrable value

sVirt v1.0: Provide simple isolation of guests; zero configuration; debuggable

SELinux Policy: Guests and resources uniquely labeled: virtd_isolated_t:<UUID>

SELinux Policy: Coarse rules for all isolated guests applied to virtd_isolated_t

SELinux Policy: For simple isolation: all accesses between different UUIDs are denied

[Diagram: the guest web server runs as virtd_isolated_t:1 and the guest DNS server as virtd_isolated_t:2, each with its own guest kernel and guest userspace, on top of the host kernel with SELinux and the host hardware. Their disk images are labeled virt_image_t:1 and virt_image_t:2 respectively.]
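
The labeling and isolation rule from the SELinux Policy slides, as an added Python model (not code from the talk, libvirt or any SELinux policy). Only the virtd_isolated_t:<UUID> and virt_image_t:<UUID> labels come from the slides; the operation names, the coarse rule table, the etc_t host object and the sample access attempts are constructed assumptions.

```python
from typing import NamedTuple

class Label(NamedTuple):
    type: str  # SELinux type, e.g. "virtd_isolated_t"
    uuid: str  # per-guest identifier after the colon; "" if absent

def parse_label(text: str) -> Label:
    """Split a 'type:<UUID>' label as written on the slides."""
    typ, _, uuid = text.partition(":")
    if not typ.endswith("_t"):
        raise ValueError(f"not a type label: {text!r}")
    return Label(typ, uuid)

# Coarse rules shared by every isolated guest, keyed by (subject type,
# object type). The operation names are assumptions for this model.
COARSE_RULES = {
    ("virtd_isolated_t", "virt_image_t"): {"read", "write"},
    ("virtd_isolated_t", "virtd_isolated_t"): {"signal"},
}

def allowed(subject: str, obj: str, op: str) -> bool:
    s, o = parse_label(subject), parse_label(obj)
    # MAC is default-deny: no coarse rule for this type pair, no access.
    if op not in COARSE_RULES.get((s.type, o.type), set()):
        return False
    # Simple isolation: both sides must carry the same, non-empty UUID.
    return bool(s.uuid) and s.uuid == o.uuid

# Constructed access attempts by guest 1 after a hypothetical breakout.
ATTEMPTS = [
    ("virtd_isolated_t:1", "virt_image_t:1", "write"),       # own disk image
    ("virtd_isolated_t:1", "virt_image_t:2", "read"),        # other guest's image
    ("virtd_isolated_t:1", "virtd_isolated_t:2", "signal"),  # other guest's process
    ("virtd_isolated_t:1", "etc_t", "read"),                 # host file, no rule
]

def denied(attempts):
    """Return the attempts the model policy refuses."""
    return [a for a in attempts if not allowed(*a)]

if __name__ == "__main__":
    for subject, obj, op in ATTEMPTS:
        verdict = "allow" if allowed(subject, obj, op) else "deny"
        print(f"{verdict:5} {subject} -> {obj} [{op}]")
```

The guest keeps access to its own image, while every cross-UUID access and every access with no coarse rule is refused, which is the containment property the slides describe.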

Future enhancements: Different types of isolated guests (virtd_isolated_webserver_t)

Future enhancements: Virtual network security; controlled flow between guests; distributed guest security; multilevel security

Related work: Labeled NFS; Labeled Networking; XACE

Similar work: XSM (port of Flask to Xen); several proprietary schemes

Current status: Low-level libvirt integration done; can launch labeled guest; basic label support in virsh

sVirt project page: http://selinuxproject.org/page/SVirt

Questions...
